Node.js - v20.6.0

Notable changes

built-in .env file support

Starting from Node.js v20.6.0, Node.js supports .env files for configuring environment variables.

Your configuration file should follow the INI file format, with each line containing a key-value pair for an environment variable.
To initialize your Node.js application with predefined configurations, use the following CLI command: node --env-file=config.env index.js.

For example, you can access the following environment variable using process.env.PASSWORD when your application is initialized:

PASSWORD=nodejs

In addition to environment variables, this change allows you to define your NODE_OPTIONS directly in the .env file, eliminating the need to include it in your package.json.

This feature was contributed by Yagiz Nizipli in #48890.

import.meta.resolve unflagged

In ES modules, import.meta.resolve(specifier) can be used to get an absolute URL string to which specifier resolves, similar to require.resolve in CommonJS. This aligns Node.js with browsers and other server-side runtimes.

This feature was contributed by Guy Bedford in https://github.com/nodejs/node/pull/49028

New node:module API register for module customization hooks; new initialize hook

There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including MessageChannel instances.

We encourage users to migrate to an approach that uses --import with register, such as:

node --import ./file-that-calls-register.js ./app.js

Using --import ensures that the customization hooks are registered before any application code runs, even the entry point.

This feature was contributed by Izaak Schroeder in https://github.com/nodejs/node/pull/48842 and https://github.com/nodejs/node/pull/48559

Module customization load hook can now support CommonJS

Authors of module customization hooks can how handle both ES module and CommonJS sources in the load hook. This works for CommonJS modules referenced via either import or require, so long as the main entry point of the application is handled by the ES module loader (such as because the entry point is an ES module file, or if the --import flag is passed). This should simplify the customization of the Node.js module loading process, as package authors can customize more of Node.js without relying on deprecated APIs such as require.extensions.

This feature was contributed by Antoine du Hamel in https://github.com/nodejs/node/pull/47999

Node.js C++ addons now have experimental support for cppgc (Oilpan), a C++ garbage collection library in V8.

Now when Node.js starts up, it makes sure that there is a v8::CppHeap attached to the V8 isolate. This enables users to allocate in the v8::CppHeap using <cppgc/*> headers from V8, which are now also included into the Node.js headers available to addons. Note that since Node.js only bundles the cppgc library coming from V8, the ABI stability of cppgc is currently not guaranteed in semver-minor and -patch updates, but we do not expect the ABI to break often, as it has been stable and battle-tested in Chromium for years. We may consider including cppgc into the ABI stability guarantees when it gets enough adoption internally and externally.

To help addon authors create JavaScript-to-C++ references of which V8's garbage collector can be aware, a helper function node::SetCppgcReference(isolate, js_object, cppgc_object) has been added to node.h. V8 may provide a native alternative in the future, which could then replace this Node.js-specific helper. In the mean time, users can use this API to avoid having to hard-code the layout of JavaScript wrapper objects. An example of how to create garbage-collected C++ objects in the unified heap and wrap it in a JavaScript object can be found in the Node.js addon tests.

The existing node::ObjectWrap helper would continue to work, while cppgc-based object management serves as an alternative with some advantages mentioned in the V8 blog post about Oilpan.

This feature was contributed by Daryl Haresign and Joyee Cheung in https://github.com/nodejs/node/pull/48660 and https://github.com/nodejs/node/pull/45704.

Other notable changes

• [d6862b085c] - deps: V8: cherry-pick 93275031284c (Joyee Cheung) #48660
• [00fc8bb8b3] - doc: add rluvaton to collaborators (Raz Luvaton) #49215
• [d649339abd] - doc: add new TSC members (Michael Dawson) #48841
• [67f9896247] - (SEMVER-MINOR) inspector: open add SymbolDispose (Chemi Atlow) #48765
• [5aef593db3] - module: implement register utility (João Lenon) #46826

Commits

• [771abcb5da] - benchmark: add benchmarks for the test_runner (Raz Luvaton) #48931
• [6b27bb0dab] - benchmark: add pm startup benchmark (Rafael Gonzaga) #48905
• [1f35c0ca55] - child_process: harden against prototype pollution (Livia Medeiros) #48726
• [d6862b085c] - deps: V8: cherry-pick 93275031284c (Joyee Cheung) #48660
• [f71e383948] - deps: update simdutf to 3.2.17 (Node.js GitHub Bot) #49019
• [e14f0456ae] - deps: update googletest to 7e33b6a (Node.js GitHub Bot) #49034
• [bfaa0fb500] - deps: update zlib to 1.2.13.1-motley-526382e (Node.js GitHub Bot) #49033
• [b79c652c85] - deps: update undici to 5.23.0 (Node.js GitHub Bot) #49021
• [6ead86145c] - deps: update googletest to c875c4e (Node.js GitHub Bot) #48964
• [4b0e50501e] - deps: update ada to 2.6.0 (Node.js GitHub Bot) #48896
• [d960ee0ba3] - deps: upgrade npm to 9.8.1 (npm team) #48838
• [d92b0139ca] - deps: update zlib to 1.2.13.1-motley-61dc0bd (Node.js GitHub Bot) #48788
• [2a7835c376] - deps: V8: cherry-pick 9f4b7699f68e (Joyee Cheung) #48830
• [c8e17829ac] - deps: V8: cherry-pick c1a54d5ffcd1 (Joyee Cheung) #48830
• [318e075b6f] - deps: update googletest to cc36671 (Node.js GitHub Bot) #48789
• [114e088267] - diagnostics_channel: fix last subscriber removal (Gabriel Schulhof) #48933
• [00fc8bb8b3] - doc: add rluvaton to collaborators (Raz Luvaton) #49215
• [21949c45b6] - doc: add print results for examples in WebStreams (Jungku Lee) #49143
• [032107a6fe] - doc: fix Type notation in webstreams (Deokjin Kim) #49121
• [91d41e7c5a] - doc: fix name of the flag in initialize() docs (Antoine du Hamel) #49158
• [aa4caf810e] - doc: make the NODE_VERSION_IS_RELEASE revert clear (Rafael Gonzaga) #49114
• [f888a1dbe3] - doc: update process.binding deprecation text (Tobias Nießen) #49086
• [89fa3faf92] - doc: update with latest security release (Rafael Gonzaga) #49085
• [3d36e7a941] - doc: add description for --port flag of node inspect (Michael Bianco) #48785
• [e9d9ca12a3] - doc: add missing period (Rich Trott) #49094
• [7e7b554de0] - doc: add ESM examples in http.md (btea) #47763
• [48f8ccfd54] - doc: detailed description of keystrokes Ctrl-Y and Meta-Y (Ray) #43529
• [195885c8f8] - doc: add "type" to test runner event details (Phil Nash) #49014
• [6ce25f8415] - doc: reserve 118 for Electron 27 (David Sanders) #49023
• [9c26c0f296] - doc: clarify use of process.env in worker threads on Windows (Daeyeon Jeong) #49008
• [7186e02aa0] - doc: remove v14 mention (Rafael Gonzaga) #49005
• [9641ac6c65] - doc: drop github actions check in sec release process (Rafael Gonzaga) #48978
• [f3d62abb19] - doc: improved joinDuplicateHeaders definition (Matteo Bianchi) #48859
• [0db104a08b] - doc: fix second parameter name of events.addAbortListener (Deokjin Kim) #48922
• [5173c559b7] - doc: add new reporter events to custom reporter examples (Chemi Atlow) #48903
• [660da785e6] - doc: run license-builder (github-actions[bot]) #48898
• [092f9fe92a] - doc: change duration to duration_ms on test documentation (Ardi_Nugraha) #48892
• [5e4730858d] - doc: improve requireHostHeader (Guido Penta) #48860
• [045e3c549a] - doc: add ver of 18.x where Node-api 9 is supported (Michael Dawson) #48876
• [c20d35df34] - doc: include experimental features assessment (Rafael Gonzaga) #48824
• [d649339abd] - doc: add new TSC members (Michael Dawson) #48841
• [aeac327f2b] - doc: refactor node-api support matrix (Michael Dawson) #48774
• [388c7d9232] - doc: declare path on example of async_hooks.executionAsyncId() (Deokjin Kim) #48556
• [fe20528c8e] - doc: remove the . in the end to reduce confusing (Jason) #48719
• [e69c8e173f] - doc: nodejs-social over nodejs/tweet (Rafael Gonzaga) #48769
• [ea547849fd] - doc: expand on squashing and rebasing to land a PR (Chengzhong Wu) #48751
• [31442b96a5] - esm: fix globalPreload warning (Antoine du Hamel) #49069
• [eb1215878b] - esm: unflag import.meta.resolve (Guy Bedford) #49028
• [57b24a34e6] - esm: import.meta.resolve exact module not found errors should return (Guy Bedford) #49038
• [f23b2a3066] - esm: protect ERR_UNSUPPORTED_DIR_IMPORT against prototype pollution (Antoine du Hamel) #49060
• [386e826a56] - esm: add initialize hook, integrate with register (Izaak Schroeder) #48842
• [74a2e1e0ab] - esm: fix typo parentUrl -> parentURL (Antoine du Hamel) #48999
• [0a4f7c669a] - esm: unflag Module.register and allow nested loader import() (Izaak Schroeder) #48559
• [a5597470ce] - esm: add back globalPreload tests and fix failing ones (Antoine du Hamel) #48779
• [d568600b42] - events: remove weak listener for event target (Raz Luvaton) #48952
• [3d942d9842] - fs: fix readdir recursive sync & callback (Ethan Arrowood) #48698
• [c14ff69d69] - fs: mention URL in NUL character error message (LiviaMedeiros) #48828
• [d634d781d7] - fs: make mkdtemp accept buffers and URL (LiviaMedeiros) #48828
• [4515a285a4] - fs: remove redundant nullCheck (Livia Medeiros) #48826
• [742597b14a] - http: start connections checking interval on listen (Paolo Insogna) #48611
• [67f9896247] - (SEMVER-MINOR) inspector: open add SymbolDispose (Chemi Atlow) #48765
• [b66a3c1c96] - lib: fix MIME overmatch in data URLs (André Alves) #49104
• [dca8678a22] - lib: fix to add resolve() before return at Blob.stream()'s source.pull() (bellbind) #48935
• [420b85c00f] - lib: remove invalid parameter to toASCII (Yagiz Nizipli) #48878
• [a12ce11b09] - lib,permission: drop repl autocomplete when pm enabled (Rafael Gonzaga) #48920
• [458eaf5e75] - meta: bump github/codeql-action from 2.20.1 to 2.21.2 (dependabot[bot]) #48986
• [4f88cb10e0] - meta: bump step-security/harden-runner from 2.4.1 to 2.5.0 (dependabot[bot]) #48985
• [22fc2a6ec6] - meta: bump actions/setup-node from 3.6.0 to 3.7.0 (dependabot[bot]) #48984
• [40103adabd] - meta: bump actions/setup-python from 4.6.1 to 4.7.0 (dependabot[bot]) #48983
• [84c0c6848c] - meta: add mailmap entry for atlowChemi (Chemi Atlow) #48810
• [1a6e9450b8] - module: make CJS load from ESM loader (Antoine du Hamel) #47999
• [a5322c4b4a] - module: ensure successful import returns the same result (Antoine du Hamel) #46662
• [5aef593db3] - module: implement register utility (João Lenon) #46826
• [015c4f788d] - node-api: avoid macro redefinition (Tobias Nießen) #48879
• [53ee98566b] - permission: move PrintTree into unnamed namespace (Tobias Nießen) #48874
• [30ea480135] - permission: fix data types in PrintTree (Tobias Nießen) #48770
• [8380800375] - readline: add paste bracket mode (Jakub Jankiewicz) #47150
• [bc009d0c10] - sea: add support for V8 bytecode-only caching (Darshan Sen) #48191
• [f2f4ce9e29] - src: use effective cppgc wrapper id to deduce non-cppgc id (Joyee Cheung) #48660
• [bf7ff369f6] - src: add built-in .env file support (Yagiz Nizipli) #48890
• [8d6948f8e2] - src: remove duplicated code in GenerateSingleExecutableBlob() (Jungku Lee) #49119
• [b030004cee] - src: refactor vector writing in snapshot builder (Joyee Cheung) #48851
• [497df8288d] - src: add ability to overload fast api functions (Yagiz Nizipli) #48993
• [e5b0dfa359] - src: remove redundant code for uv_handle_type (Jungku Lee) #49061
• [f126b9e3d1] - src: modernize use-equals-default (Jason) #48735
• [db4370fc3e] - src: avoid string copy in BuiltinLoader::GetBuiltinIds (Yagiz Nizipli) #48721
• [9d13503c4e] - src: fix callback_queue.h missing header (Jason) #48733
• [6c389df3aa] - src: cast v8::Object::GetInternalField() return value to v8::Value (Joyee Cheung) #48943
• [7b9adff0be] - src: do not pass user input to format string (Antoine du Hamel) #48973
• [e0fdb7b092] - src: remove ContextEmbedderIndex::kBindingDataStoreIndex (Joyee Cheung) #48836
• [578c3d1e14] - src: use ARES_SUCCESS instead of 0 (Hyunjin Kim) #48834
• [ed23426aac] - src: save the performance milestone time origin in the AliasedArray (Joyee Cheung) #48708
• [5dec186663] - src: support snapshot in single executable applications (Joyee Cheung) #46824
• [d759d4f631] - src: remove unnecessary temporary creation (Jason) #48734
• [409cc692db] - src: fix nullptr access on realm (Jan Olaf Krems) #48802
• [07d0fd61b1] - src: remove OnScopeLeaveImpl's move assignment overload (Jason) #48732
• [41cc3efa23] - src: use string_view for utf-8 string creation (Yagiz Nizipli) #48722
• [62a46d9335] - src,permission: restrict by default when pm enabled (Rafael Gonzaga) #48907
• [099159ce04] - src,tools: initialize cppgc (Daryl Haresign) #48660
• [600c08d197] - stream: improve WebStreams performance (Raz Luvaton) #49089
• [609b25fa99] - stream: implement ReadableStream.from (Debadree Chatterjee) #48395
• [750cca2738] - test: use tmpdir.resolve() (Livia Medeiros) #49128
• [6595367649] - test: use tmpdir.resolve() (Livia Medeiros) #49127
• [661b055e75] - test: use tmpdir.resolve() in fs tests (Livia Medeiros) #49126
• [b3c56d206f] - test: use tmpdir.resolve() in fs tests (Livia Medeiros) #49125
• [3ddb155d16] - test: fix assertion message in test_async.c (Tobias Nießen) #49146
• [1d17c1032d] - test: refactor test-esm-loader-hooks for easier debugging (Antoine du Hamel) #49131
• [13bd7a0293] - test: add tmpdir.resolve() (Livia Medeiros) #49079
• [89b1bce56d] - test: document fixtures.fileURL() (Livia Medeiros) #49083
• [2fcb855c76] - test: reduce flakiness of test-esm-loader-hooks (Antoine du Hamel) #49105
• [7816e040df] - test: stabilize the inspector-open-dispose test (Chemi Atlow) #49000
• [e70e9747e4] - test: print instruction for creating missing snapshot in assertSnapshot (Raz Luvaton) #48914
• [669ac03520] - test: add tmpdir.fileURL() (Livia Medeiros) #49040
• [b945d7be35] - test: use spawn and spawnPromisified instead of exec (Antoine du Hamel) #48991
• [b3a7427583] - test: refactor test-node-output-errors (Antoine du Hamel) #48992
• [6c3e5c4d69] - test: use fixtures.fileURL when appropriate (Antoine du Hamel) #48990
• [9138b78bcb] - test: validate error code rather than message (Antoine du Hamel) #48972
• [b4ca4a6f80] - test: fix snapshot tests when cwd contains spaces or backslashes (Antoine du Hamel) #48959
• [d4398d458c] - test: order common.mjs in ASCII order (Antoine du Hamel) #48960
• [b5991f5250] - test: fix some assumptions in tests (Antoine du Hamel) #48958
• [62e23f83f9] - test: improve internal/worker/io.js coverage (Yoshiki Kurihara) #42387
• [314bd6095c] - test: fix es-module/test-esm-initialization (Antoine du Hamel) #48880
• [3680a66df4] - test: validate host with commas on url.parse (Yagiz Nizipli) #48878
• [24c3742372] - test: delete test-net-bytes-per-incoming-chunk-overhead (Michaël Zasso) #48811
• [e01cce50f5] - test: skip experimental test with pointer compression (Colin Ihrig) #48738
• [d5e93b1074] - test: fix flaky test-string-decode.js on x86 (Stefan Stojanovic) #48750
• [9136667d7d] - test_runner: dont set exit code on todo tests (Moshe Atlow) #48929
• [52c94908c0] - test_runner: fix todo and only in spec reporter (Moshe Atlow) #48929
• [5ccfb8d515] - test_runner: unwrap error message in TAP reporter (Colin Ihrig) #48942
• [fa19b0ed05] - test_runner: add __proto__ null (Raz Luvaton) #48663
• [65d23940bf] - test_runner: fix async callback in describe not awaited (Raz Luvaton) #48856
• [4bd5e55b43] - test_runner: fix test_runner test:fail event type (Ethan Arrowood) #48854
• [41058beed8] - test_runner: call abort on test finish (Raz Luvaton) #48827
• [821b11a59f] - tls: fix bugs of double TLS (rogertyang) #48969
• [4439327e73] - tools: update lint-md-dependencies (Node.js GitHub Bot) #49122
• [21dc844309] - tools: use spec reporter in actions (Moshe Atlow) #49129
• [3471758696] - tools: use @reporters/github when running in github actions (Moshe Atlow) #49129
• [95a6e7661e] - tools: add @reporters/github to tools (Moshe Atlow) #49129
• [995cbf93eb] - tools: update eslint to 8.47.0 (Node.js GitHub Bot) #49124
• [ed065bc56e] - tools: update lint-md-dependencies to rollup\@3.27.2 (Node.js GitHub Bot) #49035
• [a5f37178ad] - tools: limit the number of auto start CIs (Antoine du Hamel) #49067
• [c1bd680f89] - tools: update eslint to 8.46.0 (Node.js GitHub Bot) #48966
• [e09a6b4821] - tools: update lint-md-dependencies to rollup\@3.27.0 (Node.js GitHub Bot) #48965
• [0cd2393bd9] - tools: update lint-md-dependencies to rollup\@3.26.3 (Node.js GitHub Bot) #48888
• [41929a2906] - tools: update lint-md-dependencies to @rollup/plugin-commonjs\@25.0.3 (Node.js GitHub Bot) #48791
• [1761bdfbd9] - tools: update eslint to 8.45.0 (Node.js GitHub Bot) #48793
• [b82f05cc4b] - typings: update JSDoc for cwd in child_process (LiviaMedeiros) #49029
• [be7b511255] - typings: sync JSDoc with the actual implementation (Hyunjin Kim) #48853
• [45c860035d] - url: overload canParse V8 fast api method (Yagiz Nizipli) #48993
• [60d614157b] - url: fix isURL detection by checking path (Zhuo Zhang) #48928
• [b12c3b5240] - url: ensure getter access do not mutate observable symbols (Antoine du Hamel) #48897
• [30fb7b7535] - url: reduce pathToFileURL cpp calls (Yagiz Nizipli) #48709
• [c3dbd0c1e4] - util: use primordials.ArrayPrototypeIndexOf instead of mutable method (DaisyDogs07) #48586
• [b79b2927ca] - watch: decrease debounce rate (Moshe Atlow) #48926
• [a12996298e] - watch: use debounce instead of throttle (Moshe Atlow) #48926